Deep cyber vulnerability mitigation system
Abstract
A method, system, or apparatus for mitigating computer and network security deficiencies is provided in which, the method, system, or apparatus scans computer system components for finding a vulnerability, generates a Vulnerability Priority Scoring System (VPSS) score for the vulnerability based on the vulnerability, develops a vulnerability mitigation policy based on a system state comprising the VPSS score, wherein the vulnerability mitigation policy provides a best action for mitigating the vulnerability selected among one or more trained possible actions by a deep neural network, and performs the vulnerability mitigation policy based on the best action. Other aspects, embodiments, and features are also claimed and described.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A method for mitigating computer and network security deficiencies comprising:
obtaining a vulnerability scan report for a vulnerability on a computer system component;
generating a Vulnerability Priority Scoring System (VPSS) score for the vulnerability based on the vulnerability scan report, wherein the VPSS score is generated by summing a plurality of values based on a qualitative response associated with at least one of factors: a relevance of a network segment in which the vulnerability is reported, a level of existing protection in the network segment, a number of high-value assets in the network segment, or a length of time of the vulnerability residing in the network segment;
developing a vulnerability mitigation policy based on a system state comprising the VPSS score, wherein the vulnerability mitigation policy provides a best action for mitigating the vulnerability selected among one or more trained possible actions by a deep reinforcement learning agent; and
performing the vulnerability mitigation policy based on the best action.
2. The method of claim 1 further comprising:
developing an adversary based on the system state for identifying a weakness in the vulnerability mitigation policy, wherein the adversary provides a best attaining action selected among one or more trained possible attaining actions by a deep reinforcement learning agent; and
updating the VPSS score based on the best attaining action.
3. The method of claim 1 , wherein the computer system component comprises a software component and a hardware component.
4. The method of claim 1 , wherein the plurality of values is further based on an qualitative response associated with a level of severity of the vulnerability.
5. The method of claim 4 , wherein the VPSS score is generated using a machine learning model,
wherein the at least one of the factors is used as training data to build and train the machine learning model.
6. The method of claim 5 , wherein the machine learning model has a lowest mean squared error (MSE) among a plurality of machine learning models obtained based on the training data.
7. The method of claim 4 , wherein a weight is assigned to each of the at least one of factors, and the weight is calibrated based on a feedback from the vulnerability mitigation policy.
8. The method of claim 1 , wherein the best action is at least one of: a prescribed action for the vulnerability based on available security personnel or a preselected automated action.
9. The method of claim 1 , wherein the system state further comprises at least one of: a location of high-value assets, a security personnel resource information, previously mitigated vulnerability information, and a feedback information.
10. A method for mitigating computer and network security deficiencies comprising:
generating a vulnerability scan report for a vulnerability on a computer system component;
generating a Vulnerability Priority Scoring System (VPSS) score for the vulnerability based on the vulnerability scan report;
developing a vulnerability mitigation policy based on a system state comprising the VPSS score, wherein the vulnerability mitigation policy provides a best action for mitigating the vulnerability selected among one or more trained possible actions by a deep reinforcement learning agent; and
performing the vulnerability mitigation policy based on the best action;
developing an adversary, based on the system state, for identifying a weakness in the vulnerability mitigation policy, wherein the adversary provides a best attaining action selected among one or more trained possible attaining actions by the deep reinforcement learning agent; and
updating, using a processor, the vulnerability mitigation policy when the system state changes.
11. The method of claim 10 , wherein the step of generating a vulnerability scan report is based on a National Vulnerability Database (NVD).
12. The method of claim 10 further comprising:
updating the VPSS score based on the best attaining action.
13. The method of claim 10 , wherein the computer system component comprise a software component and a hardware component.
14. The method of claim 10 , wherein the VPSS score is generated based on at least one of factors: a relevance of a network segment in which the vulnerability is reported, a level of existing protection in the network segment, a number of high-value assets in the network segment, a length of time of the vulnerability residing in the network segment, or a level of severity of the vulnerability.
15. The method of claim 14 , wherein the VPSS score is generated using a machine learning model,
wherein the at least one of the factors is used as training data to build and train the machine learning model.
16. The method of claim 15 , wherein the machine learning model has a lowest mean squared error (MSE) among a plurality of machine learning models obtained based on the training data.
17. The method of claim 14 , wherein a weight is assigned to each of the at least one of factors, and the weight is calibrated based on a feedback from the vulnerability mitigation policy.
18. The method of claim 10 , wherein the best action is at least one of: a prescribed action for the vulnerability based on available security personnel or a preselected automated action.
19. The method of claim 10 , wherein the system state further comprises at least one of: a location of high-value assets, a security personnel resource information, previously mitigated vulnerability information, and a feedback information.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.